diff options
Diffstat (limited to 'bin/conf')
| -rw-r--r-- | bin/conf/flowood.conf | 62 | ||||
| -rw-r--r-- | bin/conf/maat_tableinfo.conf | 16 | ||||
| -rw-r--r-- | bin/conf/maat_test.json | 89 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local | 2 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local | 3 | ||||
| -rw-r--r-- | bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 | 5 | ||||
| -rw-r--r-- | bin/conf/network_access.cfg | 4 | ||||
| -rw-r--r-- | bin/conf/network_connect.cfg | 6 | ||||
| -rw-r--r-- | bin/conf/network_forward.cfg | 6 | ||||
| -rw-r--r-- | bin/conf/network_gdev.cfg | 6 |
13 files changed, 208 insertions, 0 deletions
diff --git a/bin/conf/flowood.conf b/bin/conf/flowood.conf new file mode 100644 index 0000000..d270e7e --- /dev/null +++ b/bin/conf/flowood.conf @@ -0,0 +1,62 @@ +[main] +thread_num=1 +nat_htable_timeout=180 +nat_htable_max_num=10000 +global_access_gateway_num = 5 +#id start with natural number, 1 +current_access_gateway_id = 2 + +use_static_pool_ip_if_no_dynamic=0 +use_dynamic_pool_ip_if_no_static=0 + +[log] +log_level=10 + +[maat] +json_switch=1 +json_cfg_file=./conf/maat_test.json +table_info=./conf/maat_tableinfo.conf +inc_dir=./soqrule/inc/index/ +full_dir=./soqrule/full/index/ + + +#cap_mode: (0:pag,1:pcap,2:socket,3:pfring,4:DPDK,5:ppf,6:NPacket,7:qnf,8:N95,9:pcap-dumpfile-list,10:topsec +# 11:ipfile, 12:marsio4, 13:agent_smith, 14:dpdk_vxlan, 15:marsio_vxlan, 16:pag_marsio) +# for flowood, only support mode1, mode2, mode12! + +[TOPO_ACC_LINK_USER] +cap_mode=1 +device_name=em1 +addr_para=172.18.1.229 +addr_mask=255.255.0.0 +gateway_ip=172.18.1.254 +pkt_filter=net 172.18.0.0/16 + + +[TOPO_ACC_LINK_FWD] +cap_mode=2 +device_name=em2 +addr_para=64789 +#addr_para=172.16.1.229 +#addr_mask=255.255.255.0 +gateway_ip=192.168.10.1 +pkt_filter= + +[TOPO_FWD_LINK_ACC] +cap_mode=2 +device_name=em1sdf +addr_para=64789 +#addr_para=172.16.1.201 +#addr_mask=255.255.0.0 +gateway_ip=172.16.1.201 +pkt_filter=net 172.16.0.0/16 + + +[TOPO_FWD_LINK_GDEV] +cap_mode=1 +device_name=em1 +addr_para=172.17.1.203 +addr_mask=255.255.0.0 +gateway_ip=172.17.1.1 +pkt_filter=net 172.17.0.0/16 + diff --git a/bin/conf/maat_tableinfo.conf b/bin/conf/maat_tableinfo.conf new file mode 100644 index 0000000..6d935bd --- /dev/null +++ b/bin/conf/maat_tableinfo.conf @@ -0,0 +1,16 @@ +#each collumn seperate with '\t' +#id (0~65535) +#name string +#type one of ip,expr,expr_plus,digest,intval,compile or plugin +#src_charset one of GBK,BIG5,UNICODE,UTF8 +#dst_charset combined by GBK,BIG5,UNICODE,UTF8,seperate with '/' +#do_merege yes or no +#cross cache 0~max +#quickswitch quickon or quick off +#id name type src_charset dst_charset do_merge cross_cache quickswitch +0 IR_POLICY_COMPILE compile UTF8 UTF8 no 0 +1 IR_POLICY_GROUP group UTF8 UTF8 no 0 +2 IR_POLICY_IP ip UTF8 UTF8 no 0 +3 IR_STATIC_IP_POOL_CB plugin UTF8 UTF8 no 0 +4 IR_DYN_SIFT_IP_CB plugin UTF8 UTF8 no 0 +5 IR_DYN_CONN_IP ip -- diff --git a/bin/conf/maat_test.json b/bin/conf/maat_test.json new file mode 100644 index 0000000..9be798c --- /dev/null +++ b/bin/conf/maat_test.json @@ -0,0 +1,89 @@ +{
+ "compile_table": "IR_POLICY_COMPILE",
+ "group_table": "IR_POLICY_GROUP",
+ "rules": [
+ {
+ "compile_id": 1,
+ "service": 1,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "IR_STRATEGY:10001",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_1",
+ "regions": [
+ {
+ "table_name": "IR_POLICY_IP",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "172.18.1.13",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 2,
+ "service": 1,
+ "action": 2,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "IR_STRATEGY:10002",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "group_2",
+ "regions": [
+ {
+ "table_name": "IR_POLICY_IP",
+ "table_type": "ip",
+ "table_content": {
+ "addr_type": "ipv4",
+ "src_ip": "172.18.1.222",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "0",
+ "mask_src_port": "65535",
+ "dst_ip": "0.0.0.0",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
+ "protocol": 0,
+ "direction": "double"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "plugin_table": [
+ {
+ "table_name": "IR_DYN_SIFT_IP_CB",
+ "table_content": [
+ "1\t4\t0\t192.168.10.222\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t2018-07-15"
+ ]
+ },
+ {
+ "table_name": "IR_STATIC_IP_POOL_CB",
+ "table_content": [
+ "1\t4\t0\t47.74.128.220\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t1\t1\t10001\t2018-07-15",
+ "2\t4\t0\t192.168.10.222\t0\t2\tgdev_ip=10.0.6.195;\t0\t1\t1\t1\t10002\t2018-07-15"
+ ]
+ }
+ ]
+}
diff --git a/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local b/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local new file mode 100644 index 0000000..2fc8e5f --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local @@ -0,0 +1,2 @@ +0000000001 +1 4 0 192.168.10.222 0 2 gdev_ip=10.0.6.195; 0 1 2018-07-15 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local new file mode 100644 index 0000000..f0d8445 --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local @@ -0,0 +1,3 @@ +0000000002 +1 1 2 1 1 0 IR_STRATEGY:10001 1 +2 1 2 1 1 0 IR_STRATEGY:10002 1 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local new file mode 100644 index 0000000..86bfaf1 --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local @@ -0,0 +1,3 @@ +0000000002 +0 1 1 +1 2 1 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local new file mode 100644 index 0000000..57f5ad9 --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_POLICY_IP.local @@ -0,0 +1,3 @@ +0000000002 +0 0 4 172.18.1.13 255.255.255.255 0 65535 0.0.0.0 255.255.255.255 0 65535 0 0 1 +1 1 4 172.18.1.222 255.255.255.255 0 65535 0.0.0.0 255.255.255.255 0 65535 0 0 1 diff --git a/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local b/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local new file mode 100644 index 0000000..874147d --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local @@ -0,0 +1,3 @@ +0000000002 +1 4 0 47.74.128.220 0 2 gdev_ip=10.0.6.195; 0 1 1 1 10001 2018-07-15 +2 4 0 192.168.10.222 0 2 gdev_ip=10.0.6.195; 0 1 1 1 10002 2018-07-15 diff --git a/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 b/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 new file mode 100644 index 0000000..ba4e23c --- /dev/null +++ b/bin/conf/maat_test.json_iris_tmp/index/full_config_index.0000000001 @@ -0,0 +1,5 @@ +IR_POLICY_COMPILE 2 ./conf/maat_test.json_iris_tmp/IR_POLICY_COMPILE.local +IR_POLICY_GROUP 2 ./conf/maat_test.json_iris_tmp/IR_POLICY_GROUP.local +IR_DYN_SIFT_IP_CB 1 ./conf/maat_test.json_iris_tmp/IR_DYN_SIFT_IP_CB.local +IR_STATIC_IP_POOL_CB 2 ./conf/maat_test.json_iris_tmp/IR_STATIC_IP_POOL_CB.local +IR_POLICY_IP 2 ./conf/maat_test.json_iris_tmp/IR_POLICY_IP.local diff --git a/bin/conf/network_access.cfg b/bin/conf/network_access.cfg new file mode 100644 index 0000000..f88daa0 --- /dev/null +++ b/bin/conf/network_access.cfg @@ -0,0 +1,4 @@ +#global_id access_manage_ip access_feedback_ip +#for example: +1 10.0.6.229 172.16.0.229 +1 10.0.6.203 172.16.0.203 diff --git a/bin/conf/network_connect.cfg b/bin/conf/network_connect.cfg new file mode 100644 index 0000000..23f5b9c --- /dev/null +++ b/bin/conf/network_connect.cfg @@ -0,0 +1,6 @@ +#region vlan_id gdev_redirect_ip forward_manage_ip forward_feedback_ip +#for example: +#beijing 1 10.0.0.1 10.0.0.101 172.16.0.1 +#shanghai 1 10.0.1.1 10.0.1.103 172.16.1.3 +#guangzhou 1 10.0.2.3 10.0.2.101 172.16.2.1 +alamutu 1 10.0.6.201 10.0.6.201 10.0.6.201 diff --git a/bin/conf/network_forward.cfg b/bin/conf/network_forward.cfg new file mode 100644 index 0000000..e41d4a5 --- /dev/null +++ b/bin/conf/network_forward.cfg @@ -0,0 +1,6 @@ +#region vlan_id forward_ip +#for example: +#beijing 1 10.0.0.101 +#shanghai 1 10.0.1.103 +#guangzhou 1 10.0.2.101 +huayan 1 10.0.6.201 diff --git a/bin/conf/network_gdev.cfg b/bin/conf/network_gdev.cfg new file mode 100644 index 0000000..f57988d --- /dev/null +++ b/bin/conf/network_gdev.cfg @@ -0,0 +1,6 @@ +#region vlan_id gdev_redirect_ip +#for example: +#beijing 1 10.0.0.1 +#shanghai 1 10.0.1.1 +#guangzhou 1 10.0.2.3 +huayan 1 10.0.6.195 |